From ff9f40d5de7d47f8827083be670a1ad698252f4c Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Sat, 6 Jul 2013 14:54:30 -0300 Subject: Fix #2962, allow to remove VIP if gateway IP is on the interface's subnet --- usr/local/www/firewall_virtual_ip.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'usr/local/www/firewall_virtual_ip.php') diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 2a17a9e..3a3cb3d 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -107,14 +107,21 @@ if ($_GET['act'] == "del") { } } - if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) + if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) { + $is_ipv6 = true; $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); - else + $if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']); + $if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits); + } else { + $is_ipv6 = false; $subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); + $if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']); + $if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits); + } $subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits']; + $if_subnet .= "/" . $if_subnet_bits; - $is_ipv6 = is_ipaddrv6($a_vip[$_GET['id']]['subnet']); if (is_array($config['gateways']['gateway_item'])) foreach($config['gateways']['gateway_item'] as $gateway) { if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) @@ -123,6 +130,8 @@ if ($_GET['act'] == "del") { continue; if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') continue; + if (ip_in_subnet($gateway['gateway'], $if_subnet)) + continue; if (ip_in_subnet($gateway['gateway'], $subnet)) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway."); -- cgit v1.1